Linux 软件免费装
Banner图

WP远程用户同步

开发者 frogerme
更新时间 2024年11月19日 10:15
捐献地址: 去捐款
PHP版本: 7.0 及以上
WordPress版本: 6.7
版权: GPLv3
版权网址: 版权信息

标签

sync multiple sites share login

下载

1.2.11 1.2.14 2.0 1.1.12 1.2.5 2.0.1 2.0.2 2.0.3 2.0.4 1.0

详情介绍:

如果您运行多个网站并希望将用户分开,但针对特定用户操作自动安全地同步它们,则可以使用插件 WP Remote Users Sync。

安装:

This section describes how to install the plugin and get it working.
  1. Upload the plugin files to the /wp-content/plugins/wprus directory, or install the plugin through the WordPress plugins screen directly for all websites to connect together
  2. Activate the plugin through the 'Plugins' screen in WordPress on all websites to connect together
  3. Edit plugin settings on each site - follow on-screen help if necessary

屏幕截图:

  • Remote Sites tab with remote sites collapsed
  • Remote Sites tab with a remote site actions settings opened
  • Security tab - token, encryption, signature and IP settings
  • User Import/Export tab
  • Activity Logs tabs with example of communication activity to and from a remote site
  • 帮助标签

常见问题:

它是如何工作的?

WP Remote Users Sync "listens" to changes related to WordPress users, and fires outgoing "actions" to registered remote sites. The registered remote sites with WP Remote Users Sync installed then catch incoming actions and react accordingly. There is no "Master Website": each site is working independently, firing and receiving actions depending on each site's configuration.

没用!

Before opening a new issue on Github or contacting the author, please check the following:

  • The URLs used in settings of WP Remote Users Sync exactly match the URL in your WordPress settings: the protocol (https vs. https) and the subdomain (www vs. non-www) must be the same across the board. It is also worth checking the home option in the wp_options table of the WordPress databases, because in some cases the content of Settings > General > WordPress Address (URL) gets abusively overwritten by plugins or themes.
  • Visit the permalinks page of each connected site (Settings > Permalinks)
  • Activate and check the logs on both local and remote sites when testing (WP Remote Users Sync > Activity Logs > Enable Logs) ; try to find any discrepancies and adjust the settings
  • Make sure the feature you have issue with is NOT triggered by a third-party package (plugin or theme). If it is (for instance, data is not synced when updating a user from the front end, but works fine in the admin area), please contact the developer of the third-party package and ask them to follow best practices by triggering the appropriate actions like WordPress core does in the admin area when a user is updated.
  • 阅读支持论坛的已解决主题-您的问题可能已在此处解决
Only then should you open a support thread, with as much information as possible, including logs (with critical information obfuscated if necessary). Also please note this plugin is provided for free to the community and being maintained during the author's free time: unless there is a prior arrangement with deadlines and financial compensation, the author will work on it at their own discretion. Insisting to contact the author multiple times via multiple channels in a short amount of time will simply result in the response being delayed further or even completely ignored.

在 Safari 和 iOS 浏览器中,为什么我会在登录时看到“正在处理...”消息,为什么用户在注销时到处都已注销?

由于这些浏览器默认阻止跨域第三方 cookie 操作,因此需要显式重定向以登录用户并在注销时销毁所有用户会话。使用这种方法,只有第一方 cookie 被操纵。这类似于使用 Google 帐户登录 Youtube。 请注意,使用显式重定向时,登录用户操作需要更长的时间来处理,尤其是在连接了许多远程站点的情况下。

Login & Logout are not working

由于用于身份验证的 cookie,登录和注销用户操作需要在浏览器中输出一些代码才能对远程网站产生影响。 What this means in practice is that if your theme or a third-party plugin allows users to login/logout without page reload, WP Remote Users Sync cannot output its code on the page, and without extra change to your website code base, the synchronisation can only happen after the page where the user logged in or logged out is actually reloaded. Please also note that unless "Force Login Redirects & Logout Everywhere" is active, or if "Force Disable Login Redirects & Logout Everywhere" options is active in the "Browser Support" section of the "Miscellaneous" tab, Login and Logout User Actions will not work in browsers preventing cross-domain third-party cookie manipulation when the connected websites are on different domains.

激活 WP 远程用户同步后,现有用户会怎样?

Existing users remain untouched, until an enabled incoming action is received from a remote site. Users existing on one site and not the other will not be synchronised unless the user is actually updated AND both Create and Update actions are enabled on the site where the user does not exist. For existing user databases in need of immediate synchronisation, WP Remote Users Sync provides its own user import/export tool.

有哪些安全措施?

多层安全措施可以保护连接站点之间通信的隐私,完整性和真实性:

  • OpenSSL encryption - All communications are encrypted using the AES-256-CBC algorithm with a randomly generated Initialisation Vector to ensure their confidentiality
  • HMAC signature - All communications are signed with a hash using the SHA256 algorithm to ensure their integrity
  • Authentication tokens - All communications rely on an authentication token valid only for a limited period of time, and asynchronous actions (Login & Logout by default) use a single-use token (true nonce).
  • IP verification - IP addresses are verified using the REMOTE_ADDR server environment variable, which cannot be faked (unless the servers or the network infrastructure are already highly compromised, in which case there are bigger issues to worry about).
尽管采取了这些强大的安全措施,管理员仍需自行承担使用此插件的风险。对于因使用 WP 远程用户同步而造成的任何损失,作者概不负责。

对性能有什么影响?

WP Remote Users Sync needs to communicate with the remote sites to actually synchronise users. This means the impact on performances depends on the response time between the connected websites. Performance degradations are mitigated by the fact that Action Tokens (blocking request) are saved for a period of time, and by the fact that actions are fired ONLY when an operation has been performed on users (not on every page load). Asynchronous actions (Login & Logout by default) are the most costly: the operations themselves are not blocking, but their Action Tokens have to be renewed beforehand each time: true nonces, single-use tokens, are necessary for security reasons when firing actions from the browser. Asynchronous actions are also potentially more susceptible to failure in case of network issues, such as if the page load is interrupted or the enqueued script call failed in the browser ; this is a necessary trade-off as these actions require authentication cookie manipulations. Overall, performances should be marginally impacted. The main takeaway is this:

  • 网站的连接越多,对性能的负面影响就越大。
  • 远程站点之间的连接越差,对性能的相对负面影响就越大。

同步用户时如何处理用户角色?

当创建和更新操作被触发时,角色可以同步,启用角色操作,并匹配传输和接受的角色设置。

其他的用户信息呢? (WooCommerce / Ultimate Member /其他插件添加用户信息)

Extra user information can be synchronised too out of the box as long as they are stored in the user metadata. For example, it means all the address and profile information in WooCommerce can be synchronised, but not the orders status or subscription status.

用户密码呢?

Passwords are automatically synchronised as long as the Password action is enabled (outgoing and incoming respectively). Communications are encrypted, signed, token-validated and IP-validated to make the process as secure as possible. Passwords are NEVER communicated or stored in plain text. WP Remote User Sync integrates with any plugin updating passwords provided they do so respecting WordPress standards.

如果远程站点上不存在要同步的用户怎么办?

If the incoming Create action is enabled along with the incoming Update action, the user will be synchronised on the remote website upon user update. If other actions for this user are fired before that (Login, Logout, Delete, Password, Metadata), nothing will happen, and an action failure log entry will be recorded if the "Enable Logs" box is checked.

可以先在本地主机上对其进行测试吗?

Yes - as long as the websites can reach each other, WP Remote User Sync will work. This means that two websites in localhost (behind virtual hosts, for example) can communicate. However, if one of the websites is on localhost and the other is not, token exchange cannot happen and the websites will not be able to communicate.

如何从该站点导出用户并将其导入到远程站点?

WP Remote Users Sync provides its own user import/export tool. With it, administrators can:

  • 导出所有用户
  • 导出具有指定角色的用户
  • 导出具有或不具有其角色的用户
  • 导出具有或不具有指定元数据的用户
  • 导出一批用户-例如,一次导出 500 个用户,将“最大数量”设置为 500,将“偏移”设置为 0、500、1,000、1,500、2,000 ...,并重复导出操作,直到没有更多用户要导出为止。
  • 使用先前导出的文件将用户导入远程站点
Once downloaded, the files are automatically deleted. In case some files were not downloaded and remained on the server, the containing directory is also cleaned daily. Exported files are not directly accessible by URL: only administrators can access them. User passwords cannot be and are NOT exported.

在哪里可以找到更多帮助?

More help can be found on the WordPress support forum for general inquiries and on Github for advanced troubleshooting. Help is provided for previously unanswered general enquiries and bug fixes only: feature requests, extra integration or conflict resolution with third-party themes or plugins, and specific setup troubleshooting requests will not be addressed (Website administrators must contact a third-party developer).

更新日志:

2.0.5 2.0.4 2.0.3 2.0.2 2.0.1 2.0 1.2.14 1.2.13 1.2.12 1.2.11 1.2.9 1.2.8 1.2.7 1.2.6 1.2.5 1.2.4 1.2.3 1.2.2 1.2.1 1.2 1.1.12 1.1.11 1.1.10 1.1.9 1.1.8 1.1.7 1.1.6 1.1.5 1.1.4 1.1.3 1.1.2 1.1.1 1.1 1.0.3 1.0.2 1.0.1 1.0